Marty
Licensed to Heimdall's Ltd
Bifrost - Firewalling made easy
V0.9.2
Show iptables-save
# iptables-save dump of two tables (nat, filter). Rules are listed one per line
# here; within a chain they are evaluated top to bottom, so their order matters.
# Generated by iptables-save v1.2.6a on Wed Oct 9 01:03:12 2002
*nat
# Built-in nat chains, all with policy ACCEPT; the bracketed values are the
# [packets:bytes] counters captured at save time.
:PREROUTING ACCEPT [9680:1754511]
:POSTROUTING ACCEPT [551:33594]
:OUTPUT ACCEPT [551:33594]
# Destination NAT: TCP/22 arriving on eth0 from 3.1.0.0/16 for 3.2.2.0/24 is
# rewritten to 3.3.3.3 port 44. The filter table below then sees the
# rewritten destination, not the original one.
-A PREROUTING -s 3.1.0.0/255.255.0.0 -d 3.2.2.0/255.255.255.0 -i eth0 -p tcp -m tcp --dport 22 -j DNAT --to-destination 3.3.3.3:44
# Source NAT: 192.168.4.0/24 leaving via ATM0 is masqueraded behind that
# interface's address.
-A POSTROUTING -s 192.168.4.0/255.255.255.0 -o ATM0 -j MASQUERADE
# Source NAT: UDP/53 from 2.1.1.0/24 to 2.2.2.0/24 leaving via eth1 gets the
# fixed source address 2.3.3.3.
-A POSTROUTING -s 2.1.1.0/255.255.255.0 -d 2.2.2.0/255.255.255.0 -o eth1 -p udp -m udp --dport 53 -j SNAT --to-source 2.3.3.3
COMMIT
# Completed on Wed Oct 9 01:03:12 2002
# Generated by iptables-save v1.2.6a on Wed Oct 9 01:03:12 2002
*filter
# All three built-in chains default to DROP; the remaining chains are
# user-defined ("-" means no policy) and are entered only through jumps.
:INPUT DROP [0:0]
:FORWARD DROP [0:0]
:OUTPUT DROP [0:0]
:DROPPING - [0:0]
:INCOM - [0:0]
:INCOM-Rules - [0:0]
:OUTG - [0:0]
:OUTG-Rules - [0:0]
:SPOOFCH - [0:0]
:SWITCH - [0:0]
# --- INPUT: traffic addressed to the firewall host itself ---
# Order: blocklist (DROPPING), loopback, new-TCP-without-SYN log+drop,
# established/related, then the per-interface anti-spoofing chain.
-A INPUT -j DROPPING
-A INPUT -i lo -j ACCEPT
# A TCP packet that conntrack classifies as NEW but that is not a plain SYN
# (SYN set, RST and ACK clear) is logged at most 2/sec (burst 10), then dropped.
-A INPUT -p tcp -m tcp ! --tcp-flags SYN,RST,ACK SYN -m state --state NEW -m limit --limit 2/sec --limit-burst 10 -j LOG --log-prefix "fw-A-i New TCP no Syn "
-A INPUT -p tcp -m tcp ! --tcp-flags SYN,RST,ACK SYN -m state --state NEW -j DROP
-A INPUT -m state --state RELATED,ESTABLISHED -j ACCEPT
# NOTE(review): SPOOFCH hands accepted packets to INCOM-Rules, which ends in an
# unconditional ACCEPT. As written, every service on the firewall host other
# than TCP/113 is reachable from any of the four listed interfaces once the
# source-address check passes. Confirm this is intended; a host-specific
# allow-list on INPUT would be the usual tightening.
-A INPUT -j SPOOFCH
# --- FORWARD: traffic routed through the firewall ---
-A FORWARD -j DROPPING
# NOTE(review): this log prefix is identical to the INPUT one above, so the
# two chains cannot be told apart in the logs by prefix alone.
-A FORWARD -p tcp -m tcp ! --tcp-flags SYN,RST,ACK SYN -m state --state NEW -m limit --limit 2/sec --limit-burst 10 -j LOG --log-prefix "fw-A-i New TCP no Syn "
-A FORWARD -p tcp -m tcp ! --tcp-flags SYN,RST,ACK SYN -m state --state NEW -j DROP
-A FORWARD -m state --state RELATED,ESTABLISHED -j ACCEPT
# SWITCH classifies the packet by (in-interface, out-interface) pair.
-A FORWARD -j SWITCH
# --- OUTPUT: traffic originated by the firewall host ---
-A OUTPUT -j DROPPING
-A OUTPUT -s 127.0.0.1 -d 127.0.0.1 -o lo -j ACCEPT
-A OUTPUT -m state --state RELATED,ESTABLISHED -j ACCEPT
# NOTE(review): OUTG-Rules ends in an unconditional ACCEPT, so the DROP policy
# on OUTPUT is never reached for packets that survive DROPPING.
-A OUTPUT -j OUTG-Rules
# --- DROPPING: unconditional blocklist, applied first in all built-in chains ---
# Drops the limited-broadcast address and the single host 5.7.7.8, matched as
# either source or destination. These drops are not logged.
-A DROPPING -s 255.255.255.255 -j DROP
-A DROPPING -d 255.255.255.255 -j DROP
-A DROPPING -s 5.7.7.8 -j DROP
-A DROPPING -d 5.7.7.8 -j DROP
# --- INCOM: forwarded traffic classified as inbound; spoof-checked first ---
-A INCOM -j SPOOFCH
# --- INCOM-Rules: inbound service rules, reached only via SPOOFCH ---
# Each service is a rate-limited LOG rule followed by the verdict rule.
-A INCOM-Rules -d 192.168.2.5 -p tcp -m tcp --dport 80 -m limit --limit 2/sec --limit-burst 10 -j LOG --log-prefix "fw-L-i Inc WEB "
-A INCOM-Rules -d 192.168.2.5 -p tcp -m tcp --dport 80 -j ACCEPT
# --dport 21:22 is a port range covering both 21 and 22.
-A INCOM-Rules -d 192.168.5.8 -p tcp -m tcp --dport 21:22 -m limit --limit 2/sec --limit-burst 10 -j LOG --log-prefix "fw-L-i Inc FTP and SSH "
-A INCOM-Rules -d 192.168.5.8 -p tcp -m tcp --dport 21:22 -j ACCEPT
# TCP/113 to any destination is refused with an ICMP port-unreachable rather
# than silently dropped (presumably so ident lookups fail fast; confirm).
-A INCOM-Rules -p tcp -m tcp --dport 113 -m limit --limit 2/sec --limit-burst 10 -j LOG --log-prefix "fw-L-i auth "
-A INCOM-Rules -p tcp -m tcp --dport 113 -j REJECT --reject-with icmp-port-unreachable
# NOTE(review): catch-all ACCEPT. Everything not rejected above is allowed, so
# the two host/port ACCEPT rules earlier in this chain only add logging; they
# do not restrict access to those hosts or ports. If the intent is "allow only
# the listed services", this final rule would need to be a DROP (or removed so
# the caller's DROP policy applies).
-A INCOM-Rules -j ACCEPT
# --- OUTG / OUTG-Rules: outbound service rules ---
# NOTE(review): OUTG jumps straight to OUTG-Rules without passing through
# SPOOFCH, so forwarded traffic classified as outbound by SWITCH is not
# source-address checked in this ruleset.
-A OUTG -j OUTG-Rules
-A OUTG-Rules -p tcp -m tcp --dport 80 -j ACCEPT
-A OUTG-Rules -p tcp -m tcp --dport 143 -j ACCEPT
-A OUTG-Rules -p tcp -m tcp --dport 22 -j ACCEPT
-A OUTG-Rules -p udp -m udp --dport 53 -j ACCEPT
# NOTE(review): catch-all ACCEPT makes the four port rules above redundant;
# no outbound traffic is filtered or logged by this chain.
-A OUTG-Rules -j ACCEPT
# --- SPOOFCH: per-interface source-address checks ---
# eth2: sources in 192.168.5.0/24, 172.17.32.0/23 and 192.168.4.0/24 are
# logged (rate-limited) and dropped; any other source goes on to INCOM-Rules.
-A SPOOFCH -s 192.168.5.0/255.255.255.0 -i eth2 -m limit --limit 2/sec --limit-burst 10 -j LOG --log-prefix "fw-L Spoofing on eth2 "
-A SPOOFCH -s 192.168.5.0/255.255.255.0 -i eth2 -j DROP
-A SPOOFCH -s 172.17.32.0/255.255.254.0 -i eth2 -m limit --limit 2/sec --limit-burst 10 -j LOG --log-prefix "fw-L Spoofing on eth2 "
-A SPOOFCH -s 172.17.32.0/255.255.254.0 -i eth2 -j DROP
-A SPOOFCH -s 192.168.4.0/255.255.255.0 -i eth2 -m limit --limit 2/sec --limit-burst 10 -j LOG --log-prefix "fw-L Spoofing on eth2 "
-A SPOOFCH -s 192.168.4.0/255.255.255.0 -i eth2 -j DROP
-A SPOOFCH -i eth2 -j INCOM-Rules
# eth1: the inverse check. Only sources in 192.168.4.0/24 are passed on;
# every other source arriving on eth1 is logged and dropped.
-A SPOOFCH -s 192.168.4.0/255.255.255.0 -i eth1 -j INCOM-Rules
-A SPOOFCH -i eth1 -m limit --limit 2/sec --limit-burst 10 -j LOG --log-prefix "fw-L Spoofing on eth1 "
-A SPOOFCH -i eth1 -j DROP
# eth0 and ATM0: only 192.168.4.0/24 is treated as a spoofed source; the other
# networks blocked on eth2 are not checked on these interfaces.
-A SPOOFCH -s 192.168.4.0/255.255.255.0 -i eth0 -m limit --limit 2/sec --limit-burst 10 -j LOG --log-prefix "fw-L Spoofing on eth0 "
-A SPOOFCH -s 192.168.4.0/255.255.255.0 -i eth0 -j DROP
-A SPOOFCH -i eth0 -j INCOM-Rules
-A SPOOFCH -s 192.168.4.0/255.255.255.0 -i ATM0 -m limit --limit 2/sec --limit-burst 10 -j LOG --log-prefix "fw-L Spoofing on ATM0 "
-A SPOOFCH -s 192.168.4.0/255.255.255.0 -i ATM0 -j DROP
-A SPOOFCH -i ATM0 -j INCOM-Rules
# A packet arriving on an interface not named above matches nothing here and
# returns to the calling chain, where the DROP policy applies.
# --- SWITCH: direction classifier for forwarded traffic ---
# The first rule repeats the RELATED,ESTABLISHED accept that FORWARD already
# applied before jumping here, so it should never match on this path.
-A SWITCH -m state --state RELATED,ESTABLISHED -j ACCEPT
# Each (in, out) interface pair is mapped to OUTG or INCOM. As listed:
# everything entering on eth2 is OUTG, everything entering on ATM0 is INCOM,
# and eth1/eth0 fall in between (eth1->eth0 and eth1->ATM0 are OUTG,
# eth0->ATM0 is OUTG, the reverse directions are INCOM).
-A SWITCH -i eth2 -o eth1 -j OUTG
-A SWITCH -i ATM0 -o eth0 -j INCOM
-A SWITCH -i eth2 -o eth0 -j OUTG
-A SWITCH -i ATM0 -o eth1 -j INCOM
-A SWITCH -i eth2 -o ATM0 -j OUTG
-A SWITCH -i ATM0 -o eth2 -j INCOM
-A SWITCH -i eth1 -o eth0 -j OUTG
-A SWITCH -i eth0 -o eth1 -j INCOM
-A SWITCH -i eth1 -o ATM0 -j OUTG
-A SWITCH -i eth0 -o eth2 -j INCOM
-A SWITCH -i eth0 -o ATM0 -j OUTG
-A SWITCH -i eth1 -o eth2 -j INCOM
COMMIT
# Completed on Wed Oct 9 01:03:12 2002
Firewall Management tools provided by
Heimdall's Limited
, New Zealand